CN112866272A - Anti-theft chain management and control method of cloud platform, downloading platform and equipment - Google Patents

Anti-theft chain management and control method of cloud platform, downloading platform and equipment Download PDF

Info

Publication number
CN112866272A
CN112866272A CN202110134037.3A CN202110134037A CN112866272A CN 112866272 A CN112866272 A CN 112866272A CN 202110134037 A CN202110134037 A CN 202110134037A CN 112866272 A CN112866272 A CN 112866272A
Authority
CN
China
Prior art keywords
user
http
speed
download
limiting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110134037.3A
Other languages
Chinese (zh)
Other versions
CN112866272B (en
Inventor
刘涛
韦富城
肖锋
陈天明
潘浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Shilian Technology Co ltd
Original Assignee
CENTURY DRAGON INFORMATION NETWORK CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CENTURY DRAGON INFORMATION NETWORK CO LTD filed Critical CENTURY DRAGON INFORMATION NETWORK CO LTD
Priority to CN202110134037.3A priority Critical patent/CN112866272B/en
Publication of CN112866272A publication Critical patent/CN112866272A/en
Application granted granted Critical
Publication of CN112866272B publication Critical patent/CN112866272B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/20Traffic policing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The application discloses a method for managing and controlling a theft-proof chain of a cloud platform, a downloading platform and equipment, wherein the method comprises the following steps: responding to the download access of a user, and acquiring an Http download request sent by the user; acquiring HTTP _ REFERER information in the Http download request; judging whether the HTTP _ REFERER information is in an HTTP _ REFERER blacklist or not; when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist, refusing the download access of the user; when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, judging whether the user is a speed-limiting user or not; and when the user is judged to be the speed-limiting user, limiting the downloading speed of the user. The problem of the relatively poor technical problem of current pickproof chain management and control effect is solved.

Description

Anti-theft chain management and control method of cloud platform, downloading platform and equipment
Technical Field
The application relates to the field of anti-theft chains, in particular to an anti-theft chain management and control method, a downloading platform and equipment of a cloud platform.
Background
With the rapid development of the internet, resources and information on the network can be released at will. The contents of other websites can be placed in the own website by someone with no special interest, the benefit of the stolen website is damaged while the bandwidth and the server resources of the stolen website are occupied, and a large amount of network resources are stolen. Therefore, it becomes critical to manage the anti-stealing link of network resources.
In the conventional anti-stealing link management and control, Http _ referr information in Http is used, and the Http _ referr information includes a URL source of a website, so that whether an Http request is sent by another website can be detected through the Http _ referr information. However, the HTTP _ referr information can be forged and is not trusted, resulting in poor management and control effect of the existing anti-theft chain.
Disclosure of Invention
The application provides a method for managing and controlling a theftproof chain of a cloud platform, a downloading platform and equipment, and solves the technical problem of poor effect of managing and controlling the theftproof chain in the prior art.
In view of this, a first aspect of the present application provides a method for managing and controlling a hotlink of a cloud platform, including:
responding to the download access of a user, and acquiring an Http download request sent by the user;
acquiring HTTP _ REFERER information in the Http download request;
judging whether the HTTP _ REFERER information is in an HTTP _ REFERER blacklist or not;
when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist, refusing the download access of the user;
when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, judging whether the user is a speed-limiting user or not;
and when the user is judged to be the speed-limiting user, limiting the downloading speed of the user.
Optionally, the determining whether the user is a speed-limiting user specifically includes:
acquiring a speed-limiting user set sent by a big data anti-theft chain analysis platform;
judging whether the user is in the speed-limiting user set;
when the user is judged to be in the speed-limiting user set, judging that the user is a speed-limiting user;
and when the user is judged not to be in the speed-limiting user set, judging that the user is not a speed-limiting user.
Optionally, the users in the speed-limited user set satisfy at least one of the following conditions:
yesterday traffic of the user exceeds a first threshold;
the yesterday ip number of the user exceeds a second threshold value;
yesterday traffic of the user exceeds a third threshold value and yesterday ip number of the user exceeds a fourth threshold value;
the traffic of the user in the last 5 days exceeds a fifth threshold value, and the ip number of the user in the last 5 days exceeds a sixth threshold value;
the user's last 5 days traffic exceeds a seventh threshold and the user's last 5 days ip province number exceeds an eighth threshold.
Optionally, the method further comprises:
when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, generating a download address of the HTTP download request, and sending the download address to a resource pool;
acquiring a download resource returned by the resource pool;
and transmitting the downloading resource to the user at the limited downloading speed so as to finish downloading access.
Optionally, the obtaining Http _ referr information in the Http download request further includes:
acquiring the download validity period of a download address corresponding to the Http download request;
judging whether the download address is valid or not based on the initiation time of the Http download request and the download validity period;
when the download address is judged to be invalid, refusing the download access of the user;
and when the download address is judged to be valid, executing the subsequent steps.
Optionally, the obtaining Http _ referr information in the Http download request further includes:
acquiring the access upper limit times and the accessed times of the download address corresponding to the Http download request;
when the number of accessed times is judged to be smaller than the access upper limit number of times, adding the number of accessed times together and executing the subsequent steps;
and when the accessed times are judged to be more than or equal to the access upper limit times, refusing the download access of the user.
A second aspect of the present application provides a download platform, comprising:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for responding to the downloading access of a user and acquiring an Http downloading request sent by the user;
a second obtaining unit, configured to obtain Http _ referr information in the Http download request;
a first judging unit, configured to judge whether the HTTP _ refferer information is in an HTTP _ refferer blacklist;
the processing unit is used for refusing the download access of the user when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist;
a second judging unit, configured to judge whether the user is a speed-limited user when it is judged that the HTTP _ referr information is not in the HTTP _ referr blacklist;
and the limiting unit is used for limiting the downloading speed of the user when the user is judged to be the speed-limiting user.
Optionally, the determining whether the user is a speed-limiting user specifically includes:
acquiring a speed-limiting user set sent by a big data anti-theft chain analysis platform;
judging whether the user is in the speed-limiting user set;
when the user is judged to be in the speed-limiting user set, judging that the user is a speed-limiting user;
and when the user is judged not to be in the speed-limiting user set, judging that the user is not a speed-limiting user.
Optionally, the users in the speed-limited user set satisfy at least one of the following conditions:
yesterday traffic of the user exceeds a first threshold;
the yesterday ip number of the user exceeds a second threshold value;
yesterday traffic of the user exceeds a third threshold value and yesterday ip number of the user exceeds a fourth threshold value;
the traffic of the user in the last 5 days exceeds a fifth threshold value, and the ip number of the user in the last 5 days exceeds a sixth threshold value;
the user's last 5 days traffic exceeds a seventh threshold and the user's last 5 days ip province number exceeds an eighth threshold.
A third aspect of the present application provides a hotlink management and control device of a cloud platform, where the device includes a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the hotlink management and control method of the cloud platform according to the instructions in the program code.
From the above technical method, the present application has the following advantages:
the anti-theft chain management and control method of the cloud platform comprises the following steps: responding to the download access of a user, and acquiring an Http download request sent by the user; acquiring HTTP _ REFERER information in the Http download request; judging whether the HTTP _ REFERER information is in an HTTP _ REFERER blacklist or not; when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist, refusing the download access of the user; when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, judging whether the user is a speed-limiting user or not; and when the user is judged to be the speed-limiting user, limiting the downloading speed of the user.
According to the method, after an Http _ referr request sent by a user based on download access is obtained, whether the user is a blacklist user is judged based on the Http _ referr information and an Http _ referr blacklist, when the Http _ referr information is in the Http _ referr blacklist, the user is indicated to be a blacklist user, when the Http _ referr information is not in the Http _ referr blacklist, the user is not a blacklist user, whether the user is a speed-limit user is further judged at this time, when the user is determined to be a speed-limit user, the download speed of the user is limited, through double authentication of the Http _ referr blacklist and the speed-limit user, the control effect of an anti-theft chain is ensured, the control effect of the existing anti-theft chain is better, and the control effect of the existing anti-theft chain is better, so that the technical problem that the control effect of the existing anti-theft chain is poorer is solved.
Drawings
In order to more clearly illustrate the technical method in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without inventive labor.
Fig. 1 is a schematic flowchart illustrating a first embodiment of a method for managing and controlling a hotlink of a cloud platform according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a second embodiment of a method for managing and controlling a hotlink of a cloud platform according to the present application;
fig. 3 is a schematic structural diagram of an embodiment of a download platform in the embodiment of the present application.
Detailed Description
The embodiment of the application provides a method for managing and controlling a theftproof chain of a cloud platform, a downloading platform and equipment, and solves the technical problem of poor effect of managing and controlling the theftproof chain in the prior art.
In order to make the method of the present application better understood, the technical method in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To facilitate understanding, please refer to fig. 1, where fig. 1 is a schematic flowchart of a first embodiment of a method for managing and controlling a hotlink of a cloud platform according to an embodiment of the present application.
In this embodiment, a method for managing and controlling a hotlink of a cloud platform includes:
step 101, responding to the download access of the user, and acquiring an Http download request sent by the user.
It should be noted that the Http download request may be input by the user after clicking a download button provided on the download platform.
And 102, acquiring HTTP _ REFERER information in the Http download request.
It is understood that the HTTP _ reference information may be obtained by various methods, and those skilled in the art may set the HTTP _ reference information as needed, and the details are not described herein.
Step 103, judging whether the HTTP _ REFERER information is in an HTTP _ REFERER blacklist.
The HTTP _ referr blacklist records HTTP _ referr information of a user in the blacklist, and when the HTTP _ referr information is determined to be in the HTTP _ referr blacklist, it is indicated that the user corresponding to the HTTP _ referr information is a blacklist user, so that a download access of the user is rejected at this time, and when the HTTP _ referr information is determined not to be in the HTTP _ referr blacklist, a subsequent determination may be performed according to recent download information of the user.
And 104, refusing the download access of the user when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist.
And 105, judging whether the user is the speed-limiting user or not when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist.
When the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, the user is probably an abnormal user but is not judged to be a blacklist user, so whether the user is a speed-limiting user or not is judged, and when the user is judged to be the speed-limiting user, the current speed of the user is limited.
And step 106, when the user is judged to be the speed-limiting user, limiting the downloading speed of the user.
In this embodiment, after an Http _ refferer message in an Http download request sent by a user based on a download access is acquired, whether the user is a blacklist user may be determined based on the Http _ refferer message and an Http _ refferer blacklist, when the Http _ refferer message is in the Http _ refferer blacklist, it is indicated that the user is a blacklist user, when the Http _ refferer message is not in the Http _ refferer blacklist, the user is not a blacklist user, at this time, whether the user is a rate-limiting user is further determined, and when the user is determined to be a rate-limiting user, a download speed of the user is limited, and a control effect of an anti-theft chain is ensured through dual authentication of the Http _ refferer blacklist and the rate-limiting user.
The foregoing is a first embodiment of a method for managing and controlling a hotlink of a cloud platform according to an embodiment of the present application, and the following is a second embodiment of a method for managing and controlling a hotlink of a cloud platform according to an embodiment of the present application.
Referring to fig. 2, fig. 2 is a flowchart illustrating a second embodiment of a method for managing and controlling a hotlink of a cloud platform according to the present application.
In this embodiment, a method for managing and controlling a hotlink of a cloud platform includes:
step 201, responding to the download access of the user, and acquiring an Http download request sent by the user.
It should be noted that the description of step 201 is the same as that of step 101 in the first embodiment, and reference may be specifically made to the above description, which is not repeated herein.
And step 202, acquiring a download validity period of the download address corresponding to the Http download request.
It can be understood that each download address has a download validity period for downloading, when the download address is accessed within the download validity period, the corresponding resource download can be performed based on the download address, and when the download address is accessed at a time outside the download validity period, the access to the download address is denied, that is, the corresponding resource download cannot be performed through the download address.
Therefore, in this embodiment, after the Http download request sent by the user is obtained, the download validity period of the download address corresponding to the Http download request is first obtained, and after the download validity period is determined, the corresponding processing is performed.
It can be understood that the download validity period in this embodiment is stored in the address parameter corresponding to the download address.
And step 203, judging whether the download address is valid or not based on the initiation time and the download valid period of the Http download request.
And step 204, refusing the downloading access of the user when judging that the downloading address is invalid.
And step 205, when the download address is judged to be valid, executing the subsequent steps.
And step 206, acquiring the access upper limit times and the accessed times of the download address corresponding to the Http download request.
It can be understood that, while the download validity period is judged for the download address, whether the download address has the accessible times is judged based on the access upper limit and the accessed times of the download address, if so, the corresponding resource download is performed based on the download address, and otherwise, the corresponding resource download cannot be performed through the download address.
And step 207, adding the accessed times and executing the subsequent steps when the accessed times are judged to be less than the access upper limit times.
And step 208, refusing the download access of the user when the accessed times are judged to be more than or equal to the access upper limit times.
Step 209, determine if the HTTP _ referr message is in the HTTP _ referr blacklist.
In this embodiment, an HTTP _ referr blacklist is read from a database, and written into a redis cache, where the HTTP _ referr blacklist table field includes: id. Website domain name, creation time. And step 210, refusing the download access of the user when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist. And step 211, when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, judging whether the user is a speed-limiting user.
Judging whether the user is the speed-limiting user, specifically comprising:
acquiring a speed-limiting user set sent by a big data anti-theft chain analysis platform;
judging whether the user is in the speed-limiting user set or not;
when the user is judged to be in the speed-limiting user set, judging that the user is the speed-limiting user;
and when the user is judged not to be in the speed-limiting user set, judging that the user is not the speed-limiting user.
The users in the speed-limited user set meet at least one of the following conditions:
yesterday traffic of the user exceeds a first threshold;
the yesterday ip number of the user exceeds a second threshold value;
yesterday traffic of the user exceeds a third threshold value and yesterday ip number of the user exceeds a fourth threshold value;
the traffic of the user in the last 5 days exceeds a fifth threshold value, and the ip number of the user in the last 5 days exceeds a sixth threshold value;
the user's last 5 days traffic exceeds a seventh threshold and the user's last 5 days ip province number exceeds an eighth threshold.
It should be noted that, in this embodiment, specific settings of the first threshold, the second threshold, the third threshold, the fourth threshold, the fifth threshold, the sixth threshold, the seventh threshold, and the eighth threshold may be set by a person skilled in the art as needed, and are not limited and described herein.
Yesterday ip number of the user, namely yesterday ip number of the user; the number of ip of the user in the last 5 days, namely the number of ip of the user in the last 5 days, the number of ip provinces of the user in the last 5 days, namely the number of provinces corresponding to the ip of the user in the last 5 days, for example, the number of provinces of the user A in the last 5 days is 5, namely the number of ip provinces of the user in the last 5 days is 5.
It can be understood that the judgment of the speed-limiting user is configured by the big data anti-theft chain analysis platform, and the big data anti-theft chain analysis platform performs analysis once a day by starting the timer, and the flow is as follows:
(1) reading a user download log from a resource pool, acquiring the number of user ip and total download flow through the log, acquiring the number of ip provinces through the user ip, and finally storing data into a user download information table, wherein the stored data comprises the user ip, the user id, date, download flow, the number of the user ip and the number of the ip provinces.
(2) And acquiring data of the user downloading information table about 5 days from the database.
(3) And analyzing the number of the user ip, the number of the ip provinces and the download flow, reading a threshold value, a speed limit value and speed limit days from configuration, wherein different rules comprise different threshold values, speed limit values and speed limit days.
(4) And writing a redis cache into the speed-limited user, wherein the written content comprises a user ID, a speed-limited value and a rule number, and the cache storage time is the number of speed-limited days.
And step 212, when the user is judged to be the speed-limiting user, limiting the downloading speed of the user.
And step 213, when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, generating a download address of the HTTP download request, and sending the download address to the resource pool.
After the anti-theft chain detection is passed, a download address of a resource pool is generated, the parameters are sequenced to generate a signature, the encryption calculation parameters mainly comprise expiration time, user ID, resource ID and a speed limit value, and redirection is carried out so that the user can download the resources. And the resource pool acquires the access information, judges whether the access information is overdue after signature verification is carried out, and returns the resources to the user when the access information is not overdue.
And step 214, acquiring the download resources returned by the resource pool.
Step 215, transmitting the download resource to the user at the limited download speed to complete the download access.
It is understood that the redis cache also stores an upper access limit and the number of times of access.
Compared with the prior art, the anti-theft chain management and control method of the cloud platform has the following beneficial effects:
1. the speed of the user is limited by analyzing the conditions of daily ip quantity, daily download flow, near 5-day ip quantity, near 5-day ip province quantity and near 5-day download flow through the big data anti-theft chain analysis platform, and the user is effectively prevented from stealing the chain.
2. The HTTP _ REFERER blacklist is stored by a database, the HTTP _ REFERER blacklist is flexibly operated, the HTTP _ REFERER blacklist is added into a redis cache, and whether the HTTP _ REFERER is from the blacklist or not is requested through cache fast configuration.
3. And detecting the expiration time (namely judging the download validity) of the download address request, and checking the parameter sequencing signature, thereby effectively ensuring the link security of the download request of the resource pool.
4. The verification of the access times of the download address is carried out, and the unlimited use of the address is prevented.
5. And detecting the expiration time and checking the parameter sequencing signature of the resource pool downloading request, thereby effectively ensuring the security of the resource pool downloading request.
In this embodiment, after an Http _ refferer message in an Http download request sent by a user based on a download access is acquired, whether the user is a blacklist user may be determined based on the Http _ refferer message and an Http _ refferer blacklist, when the Http _ refferer message is in the Http _ refferer blacklist, it is indicated that the user is a blacklist user, when the Http _ refferer message is not in the Http _ refferer blacklist, the user is not a blacklist user, at this time, whether the user is a rate-limiting user is further determined, and when the user is determined to be a rate-limiting user, a download speed of the user is limited, and a control effect of an anti-theft chain is ensured through dual authentication of the Http _ refferer blacklist and the rate-limiting user.
The second embodiment of the method for managing and controlling the anti-theft chain of the cloud platform provided in the embodiment of the present application is as follows.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an embodiment of a download platform according to an embodiment of the present application.
The download platform in this embodiment includes:
a first obtaining unit 301, configured to obtain, in response to a download access of a user, an Http download request sent by the user;
a second obtaining unit 302, configured to obtain Http _ referr information in the Http download request;
a first judging unit 303, configured to judge whether the HTTP _ referr information is in an HTTP _ referr blacklist;
a processing unit 304, configured to reject the download access of the user when it is determined that the HTTP _ referr information is in the HTTP _ referr blacklist;
a second determination unit 305, configured to determine whether the user is a speed-limited user when it is determined that the HTTP _ referr information is not in the HTTP _ referr blacklist;
and the limiting unit 306 is used for limiting the downloading speed of the user when the user is judged to be the speed-limiting user.
Further, judging whether the user is a speed-limiting user specifically comprises:
acquiring a speed-limiting user set sent by a big data anti-theft chain analysis platform;
judging whether the user is in the speed-limiting user set or not;
when the user is judged to be in the speed-limiting user set, judging that the user is the speed-limiting user;
and when the user is judged not to be in the speed-limiting user set, judging that the user is not the speed-limiting user.
Further, the users in the speed-limited user set meet at least one of the following conditions:
yesterday traffic of the user exceeds a first threshold;
the yesterday ip number of the user exceeds a second threshold value;
yesterday traffic of the user exceeds a third threshold value and yesterday ip number of the user exceeds a fourth threshold value;
the traffic of the user in the last 5 days exceeds a fifth threshold value, and the ip number of the user in the last 5 days exceeds a sixth threshold value;
the user's last 5 days traffic exceeds a seventh threshold and the user's last 5 days ip province number exceeds an eighth threshold.
The downloading platform of the embodiment first responds to the downloading access of the user and obtains an Http downloading request sent by the user; acquiring HTTP _ REFERER information in an Http download request; judging whether the HTTP _ REFERER information is in an HTTP _ REFERER blacklist or not; when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist, the downloading access of the user is refused; when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, judging whether the user is a speed-limiting user or not; and when the user is judged to be the speed-limiting user, limiting the downloading speed of the user. The problem of the relatively poor technical problem of current pickproof chain management and control effect is solved.
The embodiment of the application also provides an embodiment of a hotlink management and control device of the cloud platform, wherein the device comprises a processor and a memory; the memory is used for storing the program codes and transmitting the program codes to the processor; the processor is used for executing the anti-theft chain management and control method of the cloud platform according to the instructions in the program codes.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the several embodiments provided in the present application, it should be understood that the disclosed system, commodity loading server and method may be implemented in other ways. For example, the above-described embodiments of the merchandise loading server are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when the actual implementation is performed, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be an indirect coupling or communication connection through some interfaces, commodity loading server or unit, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for managing and controlling a hotlink of a cloud platform is applied to a download platform and is characterized by comprising the following steps:
responding to the download access of a user, and acquiring an Http download request sent by the user;
acquiring HTTP _ REFERER information in the Http download request;
judging whether the HTTP _ REFERER information is in an HTTP _ REFERER blacklist or not;
when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist, refusing the download access of the user;
when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, judging whether the user is a speed-limiting user or not;
and when the user is judged to be the speed-limiting user, limiting the downloading speed of the user.
2. The method for managing and controlling the anti-theft chain of the cloud platform according to claim 1, wherein judging whether the user is a speed-limiting user specifically includes:
acquiring a speed-limiting user set sent by a big data anti-theft chain analysis platform;
judging whether the user is in the speed-limiting user set;
when the user is judged to be in the speed-limiting user set, judging that the user is a speed-limiting user;
and when the user is judged not to be in the speed-limiting user set, judging that the user is not a speed-limiting user.
3. The method for managing and controlling the anti-theft chain of the cloud platform according to claim 2, wherein users in the set of speed-limited users meet at least one of the following conditions:
yesterday traffic of the user exceeds a first threshold;
the yesterday ip number of the user exceeds a second threshold value;
yesterday traffic of the user exceeds a third threshold value and yesterday ip number of the user exceeds a fourth threshold value;
the traffic of the user in the last 5 days exceeds a fifth threshold value, and the ip number of the user in the last 5 days exceeds a sixth threshold value;
the user's last 5 days traffic exceeds a seventh threshold and the user's last 5 days ip province number exceeds an eighth threshold.
4. The method for managing and controlling the anti-theft chain of the cloud platform according to claim 1, further comprising:
when the HTTP _ REFERER information is judged not to be in the HTTP _ REFERER blacklist, generating a download address of the HTTP download request, and sending the download address to a resource pool;
acquiring a download resource returned by the resource pool;
and transmitting the downloading resource to the user at the limited downloading speed so as to finish downloading access.
5. The method for managing and controlling the anti-theft chain of the cloud platform according to claim 1, wherein obtaining Http _ referr information in the Http download request further includes:
acquiring the download validity period of a download address corresponding to the Http download request;
judging whether the download address is valid or not based on the initiation time of the Http download request and the download validity period;
when the download address is judged to be invalid, refusing the download access of the user;
and when the download address is judged to be valid, executing the subsequent steps.
6. The method for managing and controlling the anti-theft chain of the cloud platform according to claim 1, wherein obtaining Http _ referr information in the Http download request further includes:
acquiring the access upper limit times and the accessed times of the download address corresponding to the Http download request;
when the number of accessed times is judged to be smaller than the access upper limit number of times, adding the number of accessed times together and executing the subsequent steps;
and when the accessed times are judged to be more than or equal to the access upper limit times, refusing the download access of the user.
7. A download platform, comprising:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for responding to the downloading access of a user and acquiring an Http downloading request sent by the user;
a second obtaining unit, configured to obtain Http _ referr information in the Http download request;
a first judging unit, configured to judge whether the HTTP _ refferer information is in an HTTP _ refferer blacklist;
the processing unit is used for refusing the download access of the user when the HTTP _ REFERER information is judged to be in the HTTP _ REFERER blacklist;
a second judging unit, configured to judge whether the user is a speed-limited user when it is judged that the HTTP _ referr information is not in the HTTP _ referr blacklist;
and the limiting unit is used for limiting the downloading speed of the user when the user is judged to be the speed-limiting user.
8. The downloading platform of claim 7, wherein determining whether the user is a rate-limiting user specifically comprises:
acquiring a speed-limiting user set sent by a big data anti-theft chain analysis platform;
judging whether the user is in the speed-limiting user set;
when the user is judged to be in the speed-limiting user set, judging that the user is a speed-limiting user;
and when the user is judged not to be in the speed-limiting user set, judging that the user is not a speed-limiting user.
9. The download platform of claim 8, wherein users in the set of speed limited users meet at least one of the following conditions:
yesterday traffic of the user exceeds a first threshold;
the yesterday ip number of the user exceeds a second threshold value;
yesterday traffic of the user exceeds a third threshold value and yesterday ip number of the user exceeds a fourth threshold value;
the traffic of the user in the last 5 days exceeds a fifth threshold value, and the ip number of the user in the last 5 days exceeds a sixth threshold value;
the user's last 5 days traffic exceeds a seventh threshold and the user's last 5 days ip province number exceeds an eighth threshold.
10. The anti-theft chain management and control equipment of the cloud platform is characterized by comprising a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the anti-hotlink management and control method of the cloud platform according to any one of claims 1 to 6 according to instructions in the program code.
CN202110134037.3A 2021-01-27 2021-01-27 Anti-theft chain management and control method of cloud platform, downloading platform and equipment Active CN112866272B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110134037.3A CN112866272B (en) 2021-01-27 2021-01-27 Anti-theft chain management and control method of cloud platform, downloading platform and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110134037.3A CN112866272B (en) 2021-01-27 2021-01-27 Anti-theft chain management and control method of cloud platform, downloading platform and equipment

Publications (2)

Publication Number Publication Date
CN112866272A true CN112866272A (en) 2021-05-28
CN112866272B CN112866272B (en) 2022-11-01

Family

ID=75987342

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110134037.3A Active CN112866272B (en) 2021-01-27 2021-01-27 Anti-theft chain management and control method of cloud platform, downloading platform and equipment

Country Status (1)

Country Link
CN (1) CN112866272B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130346552A1 (en) * 2011-02-24 2013-12-26 Tencent Technology (Shenzhen) Company Limited Download method, system, and device for mobile terminal
CN103685465A (en) * 2012-11-29 2014-03-26 乐视致新电子科技(天津)有限公司 Uniform download management and download speed-limiting method
WO2018095223A1 (en) * 2016-11-22 2018-05-31 阿里巴巴集团控股有限公司 Method and device for processing chat log of real-time chat tool
CN109413000A (en) * 2017-08-15 2019-03-01 吴波 A kind of anti-stealing link method and door chain gateway system
CN112055036A (en) * 2019-06-05 2020-12-08 阿里巴巴集团控股有限公司 Data downloading method, device, equipment, system and readable storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130346552A1 (en) * 2011-02-24 2013-12-26 Tencent Technology (Shenzhen) Company Limited Download method, system, and device for mobile terminal
CN103685465A (en) * 2012-11-29 2014-03-26 乐视致新电子科技(天津)有限公司 Uniform download management and download speed-limiting method
WO2018095223A1 (en) * 2016-11-22 2018-05-31 阿里巴巴集团控股有限公司 Method and device for processing chat log of real-time chat tool
CN109413000A (en) * 2017-08-15 2019-03-01 吴波 A kind of anti-stealing link method and door chain gateway system
CN112055036A (en) * 2019-06-05 2020-12-08 阿里巴巴集团控股有限公司 Data downloading method, device, equipment, system and readable storage medium

Also Published As

Publication number Publication date
CN112866272B (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN109743315B (en) Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website
US9032085B1 (en) Identifying use of software applications
US20180039770A1 (en) Multi-Factor Profile and Security Fingerprint Analysis
CN104836781B (en) Distinguish the method and device for accessing user identity
CN103679031B (en) A kind of immune method and apparatus of file virus
JP5165670B2 (en) Unauthorized use determination server and method
CN109194671B (en) Abnormal access behavior identification method and server
CN109698809B (en) Method and device for identifying abnormal login of account
US9934310B2 (en) Determining repeat website users via browser uniqueness tracking
US8484742B2 (en) Rendered image collection of potentially malicious web pages
US11831617B2 (en) File upload control for client-side applications in proxy solutions
JP2007164661A (en) Program, device and method for user authentication
CN111818066B (en) Risk detection method and device
CN110708335A (en) Access authentication method and device and terminal equipment
CN106254528B (en) Resource downloading method and caching device
US20180069881A1 (en) Forensic analysis
CN111460394A (en) Copyright file verification method and device and computer readable storage medium
CN112131507A (en) Website content processing method, device, server and computer-readable storage medium
CN108809928B (en) Network asset risk portrait method and device
CN106656455A (en) Website access method and device
CN112511535A (en) Equipment detection method, device, equipment and storage medium
EP2896005A1 (en) Multi-factor profile and security fingerprint analysis
CN110929129A (en) Information detection method, equipment and machine-readable storage medium
CN112866272B (en) Anti-theft chain management and control method of cloud platform, downloading platform and equipment
CN111104685B (en) Dynamic updating method and device for two-dimension code

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20211208

Address after: Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200040

Applicant after: Tianyi Digital Life Technology Co.,Ltd.

Address before: 1 / F and 2 / F, East Garden, Huatian International Plaza, 211 Longkou Middle Road, Tianhe District, Guangzhou, Guangdong 510000

Applicant before: Century Dragon Information Network Co.,Ltd.

GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20240321

Address after: Unit 1, Building 1, China Telecom Zhejiang Innovation Park, No. 8 Xiqin Street, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province, 311100

Patentee after: Tianyi Shilian Technology Co.,Ltd.

Country or region after: Zhong Guo

Address before: Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200040

Patentee before: Tianyi Digital Life Technology Co.,Ltd.

Country or region before: Zhong Guo